VIRY.CZ

Dal som ho na úsporý mód, ale stále je teplý....scanuje ho momentálne mcafee a pred scannom bol zosekaný...

Musíte ho vyčistit

U odborníka?

Ale tne arthemis ma trápi...

Co konkrétně je s ním?

Vrátil som čas ma bod obnovy pred použitím combofixu pretože počítač bol poriadne zosekaný, už ani internet nešiel... mám urobiť novú kontrolu combofixu?

Ano

Tu je log...toho artemisa mi objavilo vtedy, keď som zmazával tie súbory avg pomocou combofixu...


ComboFix 11-07-21.02 - katka . 07. 2011 20:34:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4091.2802 [GMT 2:00]
Running from: c:\users\katka\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 18:44 . 2011-07-21 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-20 15:57 . 2011-07-20 15:57 -------- d-----w- c:\users\katka\AppData\Roaming\Malwarebytes
2011-07-20 15:57 . 2011-07-20 15:57 -------- d-----w- c:\programdata\Malwarebytes
2011-07-20 15:57 . 2010-11-29 15:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 13:45 . 2011-07-20 13:50 -------- d-----w- c:\users\katka\AppData\Roaming\PCStitch Pro
2011-07-19 22:27 . 2011-07-19 22:27 -------- d-----w- C:\rsit
2011-07-19 22:27 . 2011-07-19 22:27 -------- d-----w- c:\program files\trend micro
2011-07-19 10:10 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B98AEBCE-8BCF-4217-83D8-4E8567925CC2}\mpengine.dll
2011-07-18 19:12 . 2011-07-18 19:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-15 11:27 . 2011-07-15 11:27 -------- d-----w- c:\users\katka\AppData\Roaming\Atari
2011-07-15 11:09 . 2011-07-15 11:09 -------- d-----w- c:\program files (x86)\Atari
2011-07-15 11:09 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-07-15 11:09 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-07-15 11:08 . 2011-07-15 11:08 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-07-15 11:08 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-07-15 11:08 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-07-15 11:08 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-07-15 11:08 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-07-15 11:08 . 2011-07-15 11:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-07-07 23:39 . 2011-07-07 23:39 -------- d-----w- c:\programdata\Microsoft Help
2011-07-07 23:39 . 2011-07-07 23:39 -------- d-----w- c:\users\katka\AppData\Local\Microsoft Help
2011-07-07 22:17 . 2011-07-07 22:17 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-02 21:07 . 2011-07-02 21:07 -------- d--h--w- c:\programdata\Common Files
2011-07-02 21:06 . 2011-07-21 14:13 -------- d-----w- c:\programdata\AVG10
2011-07-02 07:39 . 2011-07-02 07:39 233488 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-07-02 07:33 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-02 07:33 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-02 07:33 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2011-07-02 07:33 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2011-07-02 07:24 . 2010-02-05 07:18 133072 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-07-02 07:24 . 2010-02-05 07:17 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-07-02 07:23 . 2011-07-02 07:39 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-07-02 07:23 . 2011-07-03 17:07 -------- d-----w- c:\program files (x86)\Spyware Doctor
2011-07-01 20:28 . 2011-07-03 11:45 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-07-01 20:28 . 2011-07-01 20:43 -------- d-----w- c:\programdata\PC Tools
2011-07-01 20:28 . 2011-07-01 20:28 -------- d-----w- c:\users\katka\AppData\Roaming\PC Tools
2011-06-30 12:25 . 2011-06-30 12:25 -------- d-----w- C:\output
2011-06-28 21:18 . 2011-07-14 08:25 -------- d-----w- c:\users\katka\AppData\Roaming\QuickScan
2011-06-28 08:10 . 2011-07-03 11:44 -------- d-----w- C:\676a689354ac6d7d82a6486bd7ce4f75
2011-06-24 18:41 . 2011-07-03 11:44 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 22:17 . 2011-06-04 09:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-25 13:57 . 2010-08-27 23:37 655360 ----a-w- c:\windows\SysWow64\vmprp331.ax
2011-06-25 13:57 . 2010-08-28 00:12 1171456 ----a-w- c:\windows\SysWow64\PicNotify.dll
2011-06-25 13:57 . 2010-08-27 23:21 274432 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-06-25 13:57 . 2010-08-28 00:12 77824 ----a-w- c:\windows\SysWow64\ILU.dll
2011-06-25 13:57 . 2010-08-28 00:12 32768 ----a-w- c:\windows\SysWow64\ILUT.dll
2011-06-25 13:57 . 2009-07-13 21:59 2531328 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2011-06-25 13:57 . 2009-07-13 21:59 3805184 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-06-25 13:57 . 2010-11-12 00:44 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-06-25 13:57 . 2010-02-19 19:27 843776 ----a-w- c:\windows\SysWow64\divx_xx16.dll
2011-06-25 13:57 . 2010-02-19 19:27 839680 ----a-w- c:\windows\SysWow64\divx_xx11.dll
2011-06-25 13:57 . 2010-02-19 19:27 856064 ----a-w- c:\windows\SysWow64\divx_xx0c.dll
2011-06-25 13:57 . 2010-02-19 19:27 856064 ----a-w- c:\windows\SysWow64\divx_xx07.dll
2011-06-25 13:57 . 2010-02-19 19:27 847872 ----a-w- c:\windows\SysWow64\divx_xx0a.dll
2011-06-25 13:57 . 2010-08-27 23:21 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-06-25 13:57 . 2010-08-27 23:21 53248 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-06-25 13:57 . 2010-08-27 23:21 53248 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-06-25 13:57 . 2010-08-27 23:21 446464 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-06-25 13:57 . 2010-08-27 23:21 3657728 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-06-25 13:57 . 2010-08-27 23:21 237568 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-06-25 13:56 . 2010-08-28 00:12 1044480 ----a-w- c:\windows\SysWow64\3DImageRenderer.dll
2011-06-25 13:49 . 2010-08-27 23:37 208896 ----a-w- c:\windows\Reg331Unstal.dll
2011-06-12 09:13 . 2011-06-12 09:13 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-06-04 09:40 . 2011-06-04 09:40 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-03 05:57 . 2011-07-14 13:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2011-04-18 19:34 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-14 12:20 . 2011-05-14 12:20 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-03 05:29 . 2011-06-17 15:02 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-17 15:02 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-02 08:45 . 2011-05-02 08:45 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-01 17:18 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-01 17:18 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-01 17:03 . 2011-05-01 17:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-01 17:03 . 2011-05-01 17:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-01 17:03 . 2011-05-01 17:03 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-01 17:03 . 2011-05-01 17:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-01 17:03 . 2011-05-01 17:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-01 17:03 . 2011-05-01 17:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-01 17:03 . 2011-05-01 17:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-01 17:03 . 2011-05-01 17:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-01 17:03 . 2011-05-01 17:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-01 17:03 . 2011-05-01 17:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-01 17:03 . 2011-05-01 17:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-01 17:03 . 2011-05-01 17:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-01 17:03 . 2011-05-01 17:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-01 17:03 . 2011-05-01 17:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-01 17:03 . 2011-05-01 17:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-01 17:03 . 2011-05-01 17:03 448512 ----a-w- c:\windows\system32\html.iec
2011-05-01 17:03 . 2011-05-01 17:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-01 17:03 . 2011-05-01 17:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-01 17:03 . 2011-05-01 17:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-01 17:03 . 2011-05-01 17:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-01 17:03 . 2011-05-01 17:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-01 17:03 . 2011-05-01 17:03 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-01 17:03 . 2011-05-01 17:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-01 17:03 . 2011-05-01 17:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-01 17:03 . 2011-05-01 17:03 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-01 17:03 . 2011-05-01 17:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-01 17:03 . 2011-05-01 17:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-01 17:03 . 2011-05-01 17:03 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-01 17:03 . 2011-05-01 17:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-01 17:03 . 2011-05-01 17:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-01 17:03 . 2011-05-01 17:03 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-01 17:03 . 2011-05-01 17:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-01 17:03 . 2011-05-01 17:03 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-01 17:03 . 2011-05-01 17:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-01 17:03 . 2011-05-01 17:03 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-01 17:03 . 2011-05-01 17:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-01 17:03 . 2011-05-01 17:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-01 17:03 . 2011-05-01 17:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-29 03:06 . 2011-06-17 15:02 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-17 15:02 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-17 15:02 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:40 . 2011-06-17 15:02 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-17 15:02 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-17 15:02 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-25 05:33 . 2011-06-17 15:03 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:34 . 2011-06-17 15:03 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-23 01:29 . 2011-06-17 15:25 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 01:19 . 2011-06-17 15:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 23:35 . 2011-06-17 15:25 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-22 23:25 . 2011-06-17 15:25 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-22 22:15 . 2011-05-25 12:35 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-25 98304]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2009-09-15 536576]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2010-08-28 3122528]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0039021310639213mcinstcleanup;McAfee Application Installer Cleanup (0039021310639213); [x]
R2 0069921305984216mcinstcleanup;McAfee Application Installer Cleanup (0069921305984216); [x]
R2 0191871304422590mcinstcleanup;McAfee Application Installer Cleanup (0191871304422590); [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 136176]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 13:56]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 13:56]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067309388-1185033214-2816805062-1000Core.job
- c:\users\katka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 08:06]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067309388-1185033214-2816805062-1000UA.job
- c:\users\katka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 08:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-08-28 00:12 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-27 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-27 2040352]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uLocal Page = c:\windows\system32\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1067309388-1185033214-2816805062-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1067309388-1185033214-2816805062-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-21 20:47:06
ComboFix-quarantined-files.txt 2011-07-21 18:47
ComboFix2.txt 2011-07-21 09:51
ComboFix3.txt 2011-07-20 17:35
.
Pre-Run: 412 528 754 688 bytes free
Post-Run: 411 894 927 360 bytes free
.
- - End Of File - - 5746E5C925CE365666AF6B57BBE4C1F0

Fajn, ted to vypadá jak?

celkom o.k ale stále ide trošku zpomalene... určite tam ešte niečo je... a tak napríklad nejaký prgram na likvidáciu viru okrem mbam? možno sa to podarí

avenger...čítal som o ňom na stránke, vyzerá sľubne...bez rádcu ale nič robiť nebudem

Avenger ne, tím se mažou konkrétní soubory.


Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript: - zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

OTL logfile created on: 7/21/2011 9:31:10 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\katka\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

4.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.41% Memory free
7.99 Gb Paging File | 5.89 Gb Available in Paging File | 73.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 383.49 Gb Free Space | 90.91% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.30 Gb Free Space | 97.59% Space Free | Partition Type: NTFS

Computer Name: KATKA-PC | User Name: katka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/21 21:28:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\katka\Downloads\OTL.exe
PRC - [2011/05/28 14:46:56 | 003,380,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/22 10:06:02 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\katka\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/03/03 00:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/09/15 12:29:16 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/21 21:28:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\katka\Downloads\OTL.exe
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/30 14:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/03/03 06:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/08/11 18:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/26 11:30:32 | 000,822,104 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\temp\0153191311274874mcinst.exe -- (0153191311274874mcinstcleanup) McAfee Application Installer Cleanup (0153191311274874)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/02 09:39:27 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/05/14 14:20:53 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011/05/02 10:45:28 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/12 05:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 06:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 05:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 12:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/02 17:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/15 20:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/07 14:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/09 08:53:06 | 000,207,232 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2009/10/19 02:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/08/24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 13:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/16 05:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 06:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/07/01 06:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 06:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 06:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/06 14:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1067309388-1185033214-2816805062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1067309388-1185033214-2816805062-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1067309388-1185033214-2816805062-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\katka\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/07/03 13:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/07/03 13:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/07/03 13:44:23 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/21 20:44:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110521144954.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110715125428.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1067309388-1185033214-2816805062-1000..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1067309388-1185033214-2816805062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1067309388-1185033214-2816805062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-1067309388-1185033214-2816805062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKU\S-1-5-21-1067309388-1185033214-2816805062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 20:58:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/21 20:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/21 20:47:09 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/07/21 20:33:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/07/21 20:33:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/07/21 20:33:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/07/21 11:34:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/20 21:52:10 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Local\{6E70EC7D-26E8-4A80-AB7A-FD14AEFB3378}
[2011/07/20 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2011/07/20 20:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2011/07/20 19:14:57 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/07/20 19:04:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/20 18:41:59 | 004,152,264 | R--- | C] (Swearware) -- C:\Users\katka\Desktop\ComboFix.exe
[2011/07/20 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Roaming\Malwarebytes
[2011/07/20 17:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/20 17:57:20 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/07/20 15:45:47 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Roaming\PCStitch Pro
[2011/07/20 00:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/07/20 00:27:25 | 000,000,000 | ---D | C] -- C:\rsit
[2011/07/18 21:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/18 17:54:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/07/15 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Roaming\Atari
[2011/07/15 13:24:13 | 000,000,000 | ---D | C] -- C:\Users\katka\Documents\RCT3
[2011/07/15 13:24:13 | 000,000,000 | ---D | C] -- C:\Users\katka\Documents\My Pictures
[2011/07/15 13:24:13 | 000,000,000 | ---D | C] -- C:\Users\katka\Documents\My Music
[2011/07/15 13:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011/07/15 13:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2011/07/14 20:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/07/14 15:13:55 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2011/07/14 15:13:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/14 15:13:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/14 15:13:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/14 15:13:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/14 15:13:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/14 15:13:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/14 15:13:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/14 15:13:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/14 15:13:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/14 15:13:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/14 15:13:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/14 15:13:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/14 15:13:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/14 15:13:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/14 15:13:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/14 15:13:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/14 15:13:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/14 15:13:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/14 15:13:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/14 15:13:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/14 15:13:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/14 15:13:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/14 15:13:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/14 15:13:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/14 15:13:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/14 15:13:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/14 15:13:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/14 15:13:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/14 15:13:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/14 15:13:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/14 15:13:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/14 15:13:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/14 15:13:10 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2011/07/14 15:13:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2011/07/14 15:13:10 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2011/07/14 15:13:10 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2011/07/14 15:13:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2011/07/14 15:13:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2011/07/14 15:13:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2011/07/14 15:13:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2011/07/14 15:13:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2011/07/14 15:13:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2011/07/14 15:13:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2011/07/14 15:13:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2011/07/14 14:48:33 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/07/12 22:37:00 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Local\{3E5F144B-9552-4A12-A4B9-8C15A9237C48}
[2011/07/08 01:39:22 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Local\Microsoft Help
[2011/07/08 01:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/07/08 00:22:37 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Local\{0D4CA481-445B-4749-970D-316F115A7E86}
[2011/07/03 15:01:56 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Local\{6FAF5358-F7A1-4C76-8C14-186358555020}
[2011/07/02 23:07:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/02 23:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/02 09:39:27 | 000,233,488 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2011/07/02 09:33:48 | 000,149,456 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
[2011/07/02 09:33:47 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
[2011/07/02 09:33:47 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
[2011/07/02 09:24:25 | 000,306,648 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2011/07/02 09:24:25 | 000,133,072 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2011/07/02 09:23:57 | 000,092,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2011/07/02 09:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2011/07/01 22:30:08 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll0711.old
[2011/07/01 22:30:08 | 000,149,456 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll0711.old
[2011/07/01 22:28:09 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Roaming\PC Tools
[2011/07/01 22:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/07/01 22:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/07/01 22:12:18 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Local\{DE695BA9-7889-4B78-93C4-456906DEB4C3}
[2011/06/30 14:25:12 | 000,000,000 | ---D | C] -- C:\output
[2011/06/29 13:36:20 | 000,000,000 | ---D | C] -- C:\Users\katka\Desktop\Nový priečinok
[2011/06/29 05:06:11 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvinst.exe
[2011/06/29 05:06:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\devrtl.dll
[2011/06/29 05:06:02 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2011/06/29 05:06:02 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2011/06/29 05:06:02 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2011/06/29 05:06:02 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2011/06/29 05:06:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2011/06/29 05:06:01 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2011/06/29 05:06:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2011/06/29 05:06:01 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2011/06/29 05:06:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2011/06/29 05:06:01 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2011/06/29 05:06:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssphtb.dll
[2011/06/29 05:06:01 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2011/06/29 05:06:01 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2011/06/29 05:06:00 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll
[2011/06/28 23:18:12 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Roaming\QuickScan
[2011/06/28 12:32:03 | 000,000,000 | ---D | C] -- C:\Users\katka\AppData\Local\{93C64EAD-4A22-48D6-86EA-30DA518FF86A}
[2011/06/28 10:10:57 | 000,000,000 | ---D | C] -- C:\676a689354ac6d7d82a6486bd7ce4f75
[2011/06/24 20:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

========== Files - Modified Within 30 Days ==========

[2011/07/21 21:32:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/07/21 21:26:06 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 21:26:06 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/21 21:13:15 | 000,000,934 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/21 21:11:05 | 000,001,022 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1067309388-1185033214-2816805062-1000UA.job
[2011/07/21 20:52:11 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/07/21 20:44:02 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/07/21 20:33:15 | 004,152,264 | R--- | M] (Swearware) -- C:\Users\katka\Desktop\ComboFix.exe
[2011/07/21 20:21:36 | 000,000,930 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/21 20:21:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/20 18:16:40 | 000,289,248 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/07/18 21:13:47 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/15 16:51:08 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/07/15 16:51:08 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/07/15 16:51:08 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/07/15 00:26:20 | 000,054,755 | ---- | M] () -- C:\Users\katka\Documents\mf_296659940_6e586952acad24c480d65c232bf19bd3.jpg
[2011/07/15 00:26:09 | 000,060,895 | ---- | M] () -- C:\Users\katka\Documents\mf_296659925_e0b50388876d2e86797d4ea6d5fa2af5.jpg
[2011/07/14 20:03:52 | 000,001,225 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/07/14 12:12:16 | 000,002,401 | ---- | M] () -- C:\Users\katka\Desktop\Google Chrome.lnk
[2011/07/14 10:46:31 | 000,153,962 | ---- | M] () -- C:\Users\katka\AppData\Local\census.cache
[2011/07/14 10:46:16 | 000,097,636 | ---- | M] () -- C:\Users\katka\AppData\Local\ars.cache
[2011/07/14 10:35:56 | 000,000,036 | ---- | M] () -- C:\Users\katka\AppData\Local\housecall.guid.cache
[2011/07/06 10:11:01 | 000,000,970 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1067309388-1185033214-2816805062-1000Core.job
[2011/07/02 09:39:27 | 000,233,488 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2011/07/02 09:39:27 | 000,092,896 | ---- | M] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2011/07/02 09:39:26 | 000,007,353 | ---- | M] () -- C:\windows\SysNative\drivers\pctcore64.cat
[2011/07/01 22:38:53 | 001,659,316 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/06/26 08:45:56 | 000,256,000 | ---- | M] () -- C:\windows\PEV.exe
[2011/06/25 15:57:52 | 000,655,360 | ---- | M] () -- C:\windows\SysWow64\vmprp331.ax
[2011/06/25 15:57:46 | 001,171,456 | ---- | M] () -- C:\windows\SysWow64\PicNotify.dll
[2011/06/25 15:57:45 | 000,274,432 | ---- | M] (ATI Technologies, Inc.) -- C:\windows\SysWow64\Oemdspif.dll
[2011/06/25 15:57:26 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\windows\SysWow64\ILU.dll
[2011/06/25 15:57:26 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\windows\SysWow64\ILUT.dll
[2011/06/25 15:57:25 | 003,805,184 | ---- | M] (Intel Corporation) -- C:\windows\SysWow64\igdumd32.dll
[2011/06/25 15:57:25 | 002,531,328 | ---- | M] (Intel Corporation) -- C:\windows\SysWow64\igd10umd32.dll
[2011/06/25 15:57:24 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\divx_xx16.dll
[2011/06/25 15:57:24 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\divx_xx11.dll
[2011/06/25 15:57:24 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\dpl100.dll
[2011/06/25 15:57:23 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\divx_xx0c.dll
[2011/06/25 15:57:23 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\divx_xx07.dll
[2011/06/25 15:57:23 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\windows\SysWow64\divx_xx0a.dll
[2011/06/25 15:57:04 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\windows\SysWow64\atipdlxx.dll
[2011/06/25 15:57:03 | 003,657,728 | ---- | M] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticaldd.dll
[2011/06/25 15:57:03 | 000,446,464 | ---- | M] (ATI Technologies Inc. ) -- C:\windows\SysWow64\aticfx32.dll
[2011/06/25 15:57:03 | 000,237,568 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\SysWow64\atiadlxy.dll
[2011/06/25 15:57:03 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticalrt.dll
[2011/06/25 15:57:03 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\windows\SysWow64\aticalcl.dll
[2011/06/25 15:56:54 | 001,044,480 | ---- | M] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/06/25 15:49:15 | 000,208,896 | ---- | M] (Vimicro) -- C:\windows\Reg331Unstal.dll

========== Files Created - No Company Name ==========

[2011/07/21 21:32:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/07/21 20:33:44 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/07/21 20:33:44 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/07/21 20:33:44 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/07/21 20:33:44 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/07/21 20:33:44 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/07/18 21:13:04 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/18 21:13:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/15 00:26:24 | 000,054,755 | ---- | C] () -- C:\Users\katka\Documents\mf_296659940_6e586952acad24c480d65c232bf19bd3.jpg
[2011/07/15 00:26:16 | 000,060,895 | ---- | C] () -- C:\Users\katka\Documents\mf_296659925_e0b50388876d2e86797d4ea6d5fa2af5.jpg
[2011/07/14 20:03:52 | 000,001,225 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/07/14 10:46:31 | 000,153,962 | ---- | C] () -- C:\Users\katka\AppData\Local\census.cache
[2011/07/14 10:46:16 | 000,097,636 | ---- | C] () -- C:\Users\katka\AppData\Local\ars.cache
[2011/07/14 10:35:56 | 000,000,036 | ---- | C] () -- C:\Users\katka\AppData\Local\housecall.guid.cache
[2011/07/02 09:39:26 | 000,007,353 | ---- | C] () -- C:\windows\SysNative\drivers\pctcore64.cat
[2011/07/02 09:33:48 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll
[2011/07/02 09:33:48 | 000,000,882 | ---- | C] () -- C:\windows\RegSDImport.xml
[2011/07/02 09:33:48 | 000,000,879 | ---- | C] () -- C:\windows\RegISSImport.xml
[2011/07/02 09:33:48 | 000,000,131 | ---- | C] () -- C:\windows\IDB.zip
[2011/07/02 09:33:47 | 001,152,444 | ---- | C] () -- C:\windows\UDB.zip
[2011/07/02 09:24:25 | 000,007,357 | ---- | C] () -- C:\windows\SysNative\drivers\pctgntdi64.cat
[2011/07/01 22:37:58 | 001,659,316 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/07/01 22:30:09 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll0711.old
[2011/07/01 22:28:17 | 000,007,353 | ---- | C] () -- C:\windows\SysNative\drivers\pctplsg64.cat
[2011/06/29 20:26:47 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/13 15:10:11 | 000,000,000 | ---- | C] () -- C:\Users\katka\AppData\Local\{ADA3F3D3-A765-427F-A254-AD8191443EBB}
[2011/05/20 09:20:52 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2011/04/17 14:45:58 | 001,487,708 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/15 22:54:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/28 02:26:05 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2010/08/28 02:26:05 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2010/08/28 02:18:30 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2010/08/28 02:12:11 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2010/08/28 02:12:11 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2010/08/28 02:12:02 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2010/08/28 01:37:39 | 000,001,340 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2010/08/28 01:25:56 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/08/28 01:21:08 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/15 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Atari
[2011/05/02 10:47:22 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\DAEMON Tools Lite
[2011/07/15 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\IObit
[2011/05/02 10:55:45 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Leadertech
[2011/05/20 09:21:45 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Lenovo
[2011/07/20 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\PCStitch Pro
[2011/07/14 11:40:27 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\PhotoScape
[2011/07/14 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\QuickScan
[2011/07/20 18:11:31 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\SoftGrid Client
[2011/04/17 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\TP
[2011/05/17 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Windows Live Writer
[2011/06/30 21:31:57 | 000,032,564 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Advanced SystemCare 4" = C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe -- [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010/11/20 15:25:17 | 001,475,584 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Disabled (Startup Manager)]
"Skype" = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011/04/18 17:30:48 | 015,146,376 | R--- | M] (Skype Technologies S.A.)

< >


< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\windows\SysNative\autochk.exe
[2010/11/20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\drivers\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2010/11/20 15:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\ERDNT\cache64\cryptsvc.dll
[2010/11/20 15:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\windows\SysNative\cryptsvc.dll
[2010/11/20 15:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\ERDNT\cache86\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SysWOW64\cryptsvc.dll
[2010/11/20 14:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2009/07/14 03:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\windows\SysNative\csrss.exe
[2009/07/14 03:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/08/27 16:48:16 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 --

C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/08/27 16:42:44 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/08/27 16:48:16 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/08/27 16:42:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/08/27 16:48:16 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/08/27 16:42:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/08/27 16:48:16 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/08/27 16:42:44 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009/07/14 01:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\windows\SysNative\drivers\fastfat.sys
[2009/07/14 01:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\windows\SysNative\hal.dll
[2010/11/20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTORV.SYS >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/08/27 16:57:58 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/08/27 16:57:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\drivers\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\ERDNT\cache64\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\windows\SysNative\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe

< MD5 for: NDIS.SYS >
[2010/11/20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\ERDNT\cache64\ndis.sys
[2010/11/20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\windows\SysNative\drivers\ndis.sys
[2010/11/20 15:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTFS.SYS >
[2010/11/20 15:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2010/08/27 16:57:58 | 001,657,216 | ---- | M] (Microsoft Corporation) MD5=1AD8FEF2D6AC7116B68B887A9782FD33 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16592_none_02584e6636a76a74\ntfs.sys
[2009/07/14 03:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys
[2011/03/11 08:23:06 | 001,657,216 | ---- | M] (Microsoft Corporation) MD5=378E0E0DFEA67D98AE6EA53ADBBD76BC -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_0273f3c63691c4ea\ntfs.sys
[2010/08/27 16:57:58 | 001,685,888 | ---- | M] (Microsoft Corporation) MD5=57CE88567C456E3E55070195BCA8C4C0 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20712_none_03386c774f8427dd\ntfs.sys
[2011/03/11 08:25:53 | 001,685,888 | ---- | M] (Microsoft Corporation) MD5=867C1395F0100CBE9ACD73B1C2741149 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_032ca00d4f8d24c5\ntfs.sys
[2011/03/11 08:19:20 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011/03/11 08:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\ERDNT\cache64\ntfs.sys
[2011/03/11 08:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\windows\SysNative\drivers\ntfs.sys
[2011/03/11 08:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys

< MD5 for: NVRAID.SYS >
[2011/03/11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\windows\SysNative\drivers\nvraid.sys
[2011/03/11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 08:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
[2010/08/27 16:57:58 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=491E3CF1A4F0869E32197E34603B9BE1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvraid.sys
[2010/11/20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 15:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011/03/11 08:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys
[2011/03/11 08:23:06 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A4D9C9A608A97F59307C2F2600EDC6A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvraid.sys
[2011/03/11 08:25:53 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=A5C82EB2F72AA004887F90B84A771F73 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvraid.sys
[2010/08/27 16:57:58 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=DEAB10231CBDB0881FC25428EBE11506 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2010/08/27 16:57:58 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/08/27 16:57:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SMSS.EXE >
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\windows\SysNative\smss.exe
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/20 07:38:12 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[2009/07/14 03:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[2010/11/20 15:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\ERDNT\cache64\spoolsv.exe
[2010/11/20 15:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\windows\SysNative\spoolsv.exe
[2010/11/20 15:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2010/08/21 08:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010/11/20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\ERDNT\cache64\tcpip.sys
[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\windows\SysNative\drivers\tcpip.sys
[2011/04/25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/04/25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/08/27 16:48:16 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/08/27 16:48:16 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2010/11/20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2010/11/20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\windows\SysNative\ws2_32.dll
[2010/11/20 15:27:29 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[2010/11/20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2009/07/14 03:41:12 | 000,027,648 | ---- | M] (Microsoft Corporation) --
[2010/11/20 15:27:28 | 000,039,424 | ---- | M] (Microsoft Corporation) --
[2009/07/14 04:30:16 | 000,003,584 | ---- | M] (Lexmark International Inc.) --

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2010/03/05 02:30:32 | 000,000,000 | ---- | M] () -- C:\windows\system32\drivers\17aa_Lenovo_G565_20071.MRK
[2009/06/10 23:14:29 | 003,440,660 | ---- | M] () -- C:\windows\system32\drivers\gm.dls
[2009/06/10 23:14:29 | 000,000,646 | ---- | M] () -- C:\windows\system32\drivers\gmreadme.txt

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/05/01 19:03:46 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\dxtmsft.dll
[2011/05/01 19:03:46 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\dxtrans.dll
[2011/04/23 01:32:21 | 009,703,936 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ieframe.dll

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[4 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2011/04/22 10:37:06 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Adobe
[2011/07/15 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Atari
[2011/04/15 10:50:11 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\ATI
[2011/04/15 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\CyberLink
[2011/05/02 10:47:22 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\DAEMON Tools Lite
[2011/05/20 20:54:19 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\DivX
[2011/06/23 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Hamachi
[2011/04/15 10:49:23 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Identities
[2011/07/15 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\IObit
[2011/05/02 10:55:45 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Leadertech
[2011/05/20 09:21:45 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Lenovo
[2011/04/15 15:44:17 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Macromedia
[2011/07/20 17:57:59 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Malwarebytes
[2009/07/29 09:23:49 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Media Center Programs
[2011/07/08 01:39:33 | 000,000,000 | --SD | M] -- C:\Users\katka\AppData\Roaming\Microsoft
[2011/07/01 22:28:09 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\PC Tools
[2011/07/20 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\PCStitch Pro
[2011/07/14 11:40:27 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\PhotoScape
[2011/07/14 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\QuickScan
[2011/07/21 16:13:20 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Skype
[2011/07/21 16:00:16 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\skypePM
[2011/07/20 18:11:31 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\SoftGrid Client
[2011/04/17 14:47:51 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\TP
[2011/05/17 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\Windows Live Writer
[2011/04/16 18:22:23 | 000,000,000 | ---D | M] -- C:\Users\katka\AppData\Roaming\WinRAR

< %APPDATA%\*.* >

< %APPDATA%\*.exe /s >
[2011/04/17 17:16:20 | 000,010,134 | R--- | M] () -- C:\Users\katka\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk /p \??\C:

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
PENDINGFILERENAMEOPERATIONS REG_MULTI_SZ \??\C:\Program Files (x86)\McAfee\SiteAdvisor\Download\s2a0\0\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\??\C:\test0123\0\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\??\C:\Program Files (x86)\McAfee\SiteAdvisor\Download\s4gs\0\??\C:\Program Files (x86)\IObit\Advanced SystemCare 4\Test.exe\0\??\C:\ProgramData\IObit\Advanced SystemCare V4\temp.iniCopy\0!\??\C:\ProgramData\IObit\Advanced SystemCare V4\temp.ini\0\??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\mcinst.exe\0\??\C:\Users\katka\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat\0\??\C:\Users\katka\AppData\Roaming\Microsoft\Windows\Cookies\index.dat\0\??\C:\Users\katka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat\0\??\C:\Users\katka\AppData\Local\Google\Chrome\User Data\Default\Archived History\0\??\C:\Users\katka\AppData\Local\Google\Chrome\User Data\Default\Visited Links\0\??\C:\Users\katka\AppData\Local\Google\Chrome\User Data\Default\Current Tabs\0\??\C:\Users\katka\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-07\0\??\C:\Users\katka\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-07-journal\0\??\C:\Users\katka\AppData\Local\Google\Chrome\User Data\Default\Web Data\0\??\C:\Users\katka\AppData\Local\Google\Chrome\User Data\Default\Current Session

otl pokračovanie

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011/07/21 21:32:58 | 000,000,512 | ---- | M] () MD5=08A33FB6626EEB9B3279313498B69F07 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

Extras


OTL Extras logfile created on: 7/21/2011 9:31:10 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\katka\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

4.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.41% Memory free
7.99 Gb Paging File | 5.89 Gb Available in Paging File | 73.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 383.49 Gb Free Space | 90.91% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 28.30 Gb Free Space | 97.59% Space Free | Partition Type: NTFS

Computer Name: KATKA-PC | User Name: katka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{43FA2281-6E7B-2E21-3C8E-17C2F2549EFE}" = ccc-utility64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8068ACF9-B398-4C14-BEF6-817F12024707}" = Windows Live Family Safety
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-041B-1000-0000000FF1CE}" = Microsoft Office Klikni a spusti 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7C11B3E-3908-AC83-2015-F207578BBD9D}" = ATI Catalyst Install Manager
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0A1E49D2-A906-B157-9FF2-F9A769B7D18D}" = CCC Help Turkish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2B1897E1-4A34-57A5-2CAA-FBCD71B21665}" = CCC Help Chinese Traditional
"{30AD991C-682F-3B7E-4F5F-11E8E17A3A33}" = CCC Help English
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{3B1337E4-B80A-B3BB-6ED2-977FFBA40EE3}" = CCC Help Hungarian
"{3FBB64BD-0560-CDD0-17AC-B6E42940FEE0}" = CCC Help Korean
"{400E0117-F768-137F-20CC-3BEF6B9B9B8A}" = CCC Help Polish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{571CF82D-5CDF-F884-82B3-0A182A94A8A5}" = CCC Help Greek
"{5E8B7122-194F-319A-5D72-4F4300AC2834}" = Catalyst Control Center Core Implementation
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CD39152-5499-8D27-A763-4C1EF5DF7642}" = CCC Help Portuguese
"{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{731E357F-82E9-3644-1A54-B131A84C7F4F}" = CCC Help Thai
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777480E1-FAB9-E330-4805-CEC89FF0DECA}" = Catalyst Control Center InstallProxy
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C334B73-8330-9693-88A5-3246A42345F3}" = CCC Help Russian
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{89212ACF-C573-1B93-F71F-42506D9D43CD}" = CCC Help Norwegian
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7A4D97-0BC0-BDAD-3C83-0B2116F185F6}" = CCC Help French
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2D9423-314D-AEAC-40CE-8221CD8CC3A1}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-041B-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Slovenčina
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{978E7BF5-00F6-0760-584D-50FB9EBCDDC0}" = Catalyst Control Center Graphics Light
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF8CDF7-640A-0BF5-84AD-38DDB2BB06DF}" = ccc-core-static
"{A04B6558-B76B-CCBA-18E2-6998CAC36609}" = CCC Help Spanish
"{A10D9707-062C-8C31-D650-49262728FAC3}" = CCC Help Czech
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6093CFA-3120-E131-737E-CDD4A8EF7497}" = CCC Help Dutch
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AA4068EA-1481-85F6-4BA8-E0561EBC6E76}" = Catalyst Control Center Graphics Previews Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{BB6A9394-64F4-C525-F7D8-6AC2882F7D99}" = Catalyst Control Center Graphics Full New
"{BBC3BD86-98ED-31F1-18D1-1B46966C83E5}" = CCC Help Danish
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C49458C8-4E96-9396-3F94-0335A314F5D6}" = CCC Help Finnish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D839ADFB-FA15-978A-816B-48601709F410}" = CCC Help Swedish
"{DB38E2A9-3236-F846-F15F-BE2E4F8AAF06}" = Catalyst Control Center Localization All
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA8C838-2E01-96A2-813E-FDFFAFFEFA0C}" = Catalyst Control Center Graphics Full Existing
"{F09E072D-FC36-1F85-2F49-8D0418E52779}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66B4E34-6308-DF03-7439-8C4CADDE2A8E}" = CCC Help Italian
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FF03E70B-5BAF-DA4D-E82B-96C6D61FFACD}" = CCC Help Japanese
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 4 Retail DMT_is1" = Advanced SystemCare 4
"Browser Defender_is1" = Browser Defender 2.0.6.15
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Game Booster_is1" = Game Booster
"Hamachi" = Hamachi 1.0.2.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"MSC" = McAfee AntiVirus Plus
"Office14.Click2Run" = Microsoft Office Klikni a spusti 2010
"PhotoScape" = PhotoScape
"Revo Uninstaller" = Revo Uninstaller 1.92
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1067309388-1185033214-2816805062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2011 12:04:27 PM | Computer Name = katka-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: mbam.exe, verzia: 1.50.0.0, časová značka:
0x4cf3c813 Názov chybového modulu: mbamcore.DLL, verzia: 1.50.0.0, časová značka:
0x4cf3cd2a Kód výnimky: 0xc0000005 Odstup chyby: 0x0000de41 Identifikácia chybného
procesu: 0x1034 Čas spustenia chybnej aplikácie: 0x01cc46f6a2c28cda Cesta chybnej
aplikácie: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Cesta chybného
modulu: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.DLL Identifikácia
hlásenia: f0febee7-b2e9-11e0-b0bd-88ae1ddb72c7

Error - 7/20/2011 12:06:45 PM | Computer Name = katka-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: mbam.exe, verzia: 1.50.0.0, časová značka:
0x4cf3c813 Názov chybového modulu: mbamcore.DLL, verzia: 1.50.0.0, časová značka:
0x4cf3cd2a Kód výnimky: 0xc0000005 Odstup chyby: 0x0000de41 Identifikácia chybného
procesu: 0x1144 Čas spustenia chybnej aplikácie: 0x01cc46f6f9e98c9a Cesta chybnej
aplikácie: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Cesta chybného
modulu: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.DLL Identifikácia
hlásenia: 434e5ae1-b2ea-11e0-b0bd-88ae1ddb72c7

Error - 7/20/2011 12:17:39 PM | Computer Name = katka-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: mbam.exe, verzia: 1.50.0.0, časová značka:
0x4cf3c813 Názov chybového modulu: mbamcore.DLL, verzia: 1.50.0.0, časová značka:
0x4cf3cd2a Kód výnimky: 0xc0000005 Odstup chyby: 0x0000de41 Identifikácia chybného
procesu: 0x4dc Čas spustenia chybnej aplikácie: 0x01cc46f87a79f7d2 Cesta chybnej
aplikácie: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Cesta chybného
modulu: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.DLL Identifikácia
hlásenia: c982abce-b2eb-11e0-93f6-edbae4271fac

Error - 7/20/2011 12:19:05 PM | Computer Name = katka-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Službe Cryptographic Services sa nepodarilo inicializovať objekt System
Writer zálohy VSS. Details: Could not query the status of the EventSystem service.

System
Error: Systém sa vypína. .

Error - 7/20/2011 12:27:14 PM | Computer Name = katka-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: mbam.exe, verzia: 1.50.0.0, časová značka:
0x4cf3c813 Názov chybového modulu: mbamcore.DLL, verzia: 1.50.0.0, časová značka:
0x4cf3cd2a Kód výnimky: 0xc0000005 Odstup chyby: 0x0000de41 Identifikácia chybného
procesu: 0x1d8 Čas spustenia chybnej aplikácie: 0x01cc46f9d3ec841f Cesta chybnej
aplikácie: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Cesta chybného
modulu: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.DLL Identifikácia
hlásenia: 1feacbb5-b2ed-11e0-a7e7-88ae1ddb72c7

Error - 7/20/2011 3:48:12 PM | Computer Name = katka-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: wmplayer.exe, verzia: 12.0.7601.17514, časová
značka: 0x4ce7a485 Názov chybového modulu: wmp.dll, verzia: 12.0.7601.17514, časová
značka: 0x4ce7ba7f Kód výnimky: 0xc0000005 Odstup chyby: 0x0057b6a1 Identifikácia
chybného procesu: 0x6b8 Čas spustenia chybnej aplikácie: 0x01cc470a07725710 Cesta
chybnej aplikácie: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Cesta
chybného modulu: C:\windows\system32\wmp.dll Identifikácia hlásenia: 33029b1f-b309-11e0-b63b-88ae1ddb72c7

Error - 7/21/2011 5:30:46 AM | Computer Name = katka-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: Firefox.exe, verzia: 2.3.5.189, časová značka:
0x49ec5532 Názov chybového modulu: Firefox.exe, verzia: 2.3.5.189, časová značka:
0x49ec5532 Kód výnimky: 0xc0000005 Odstup chyby: 0x00003be6 Identifikácia chybného
procesu: 0x1078 Čas spustenia chybnej aplikácie: 0x01cc4788de19637a Cesta chybnej
aplikácie: C:\32788R22FWJFW\Firefox.exe Cesta chybného modulu: C:\32788R22FWJFW\Firefox.exe
Identifikácia
hlásenia: 1c73ccbf-b37c-11e0-a936-88ae1ddb72c7

Error - 7/21/2011 5:31:16 AM | Computer Name = katka-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: PEV.exe, verzia: 0.0.0.0, časová značka:
0x4e06cfe8 Názov chybového modulu: PEV.exe, verzia: 0.0.0.0, časová značka: 0x4e06cfe8
Kód
výnimky: 0x40000015 Odstup chyby: 0x0008d1c0 Identifikácia chybného procesu: 0x2f8
Čas
spustenia chybnej aplikácie: 0x01cc4788f0435010 Cesta chybnej aplikácie: C:\windows\PEV.exe
Cesta
chybného modulu: C:\windows\PEV.exe Identifikácia hlásenia: 2e1f119a-b37c-11e0-a936-88ae1ddb72c7

Error - 7/21/2011 10:16:58 AM | Computer Name = katka-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 7/21/2011 2:21:34 PM | Computer Name = katka-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

[ Media Center Events ]
Error - 6/4/2011 5:37:38 AM | Computer Name = katka-PC | Source = MCUpdate | ID = 0
Description = 11:37:38 - Chyba pripájania na Internet. 11:37:38 - Nebolo možné
spojiť sa so serverom..

Error - 6/11/2011 5:39:09 PM | Computer Name = katka-PC | Source = MCUpdate | ID = 0
Description = 23:39:09 - Chyba pripájania na Internet. 23:39:09 - Nebolo možné
spojiť sa so serverom..

Error - 6/11/2011 5:39:22 PM | Computer Name = katka-PC | Source = MCUpdate | ID = 0
Description = 23:39:15 - Chyba pripájania na Internet. 23:39:15 - Nebolo možné
spojiť sa so serverom..

Error - 7/7/2011 5:16:28 PM | Computer Name = katka-PC | Source = MCUpdate | ID = 0
Description = 23:16:27 - Chyba pripájania na Internet. 23:16:28 - Nebolo možné
spojiť sa so serverom..

Error - 7/7/2011 5:16:43 PM | Computer Name = katka-PC | Source = MCUpdate | ID = 0
Description = 23:16:33 - Chyba pripájania na Internet. 23:16:33 - Nebolo možné
spojiť sa so serverom..

Error - 7/8/2011 5:29:04 PM | Computer Name = katka-PC | Source = MCUpdate | ID = 0
Description = 23:29:04 - Chyba pripájania na Internet. 23:29:04 - Nebolo možné
spojiť sa so serverom..

Error - 7/8/2011 5:29:21 PM | Computer Name = katka-PC | Source = MCUpdate | ID = 0
Description = 23:29:09 - Chyba pripájania na Internet. 23:29:09 - Nebolo možné
spojiť sa so serverom..

[ System Events ]
Error - 7/21/2011 10:19:23 AM | Computer Name = katka-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 7/21/2011 10:19:23 AM | Computer Name = katka-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 7/21/2011 2:22:38 PM | Computer Name = katka-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 7/21/2011 2:22:38 PM | Computer Name = katka-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 7/21/2011 2:23:48 PM | Computer Name = katka-PC | Source = Service Control Manager | ID = 7000
Description = Spustenie služby ReadyComm.DirectRouter zlyhalo kvôli nasledujúcej
chybe: %%2

Error - 7/21/2011 2:38:33 PM | Computer Name = katka-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 7/21/2011 2:43:10 PM | Computer Name = katka-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/21/2011 2:44:04 PM | Computer Name = katka-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 7/21/2011 3:53:14 PM | Computer Name = katka-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 7/21/2011 3:53:14 PM | Computer Name = katka-PC | Source = WMPNetworkSvc | ID = 866306
Description =


< End of report >